Fat AP and Cloud AP V200R010C00 Command Reference

admin-user privilege level

Function

The admin-user privilege level command configures a user as an administrator to log in to the device and sets the user level.

The undo admin-user privilege level command cancels the default user level.

By default, the user level is not configured.

Format

admin-user privilege level level

undo admin-user privilege level

Parameters

| Parameter | Description | Value |
|-----------|-------------|-------|
| level | Specifies the level of a user. A larger value indicates a higher user level. After logging in to the device, a user can run only the commands of the same level or lower levels. | The value is an integer that ranges from 0 to 15. |

Views

Service scheme view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The device provides hierarchical management of commands. A command has a level, and a user can run only the commands of the same level or lower levels. Setting the user level with the admin-user privilege level command lets the device control which commands a user can run.

By default, commands are classified into the following levels:
  • Level 0 (visit level): Commands at level 0 include diagnosis commands such as ping and tracert commands and commands that are used to access a remote device such as the Telnet client. Commands at level 0 cannot be used to save configuration files.
  • Level 1 (monitoring level): Commands at level 1 are used for system maintenance, including display commands. Commands at level 1 cannot be used to save configuration files.
  • Level 2 (configuration level): Commands at level 2 are used for service configuration, including routing commands and commands at each network layer to provide network services for users.
  • Level 3 (management level): Commands at level 3 are used for basic operations of the system to support services, including file system, FTP, Trivial File Transfer Protocol (TFTP), configuration file switching commands, slave board control commands, user management commands, command level configuration commands, and debugging commands.

For finer-grained user management, you can upgrade command levels to levels 0 to 15. You can run the command-privilege level command to upgrade command levels in a batch.

  • If non-authentication is used, the administrator level is specified using the user privilege command in the VTY interface view.

  • If local authentication is used, the administrator level is specified using the local-user privilege level command.
  • If remote authentication is used, the administrator level can be set in the following ways, in descending order of priority:
    1. Using the user level sent by an authentication server to the device after authentication has succeeded
    2. Running the admin-user privilege level command to set the administrator level in a service scheme
    3. Running the user privilege command to set the user level in the VTY interface view
  • If remote authentication and local authentication are configured, remote authentication is first used. If remote authentication fails, local authentication is used. The administrator level can be set in the following ways, in descending order of priority:
    1. Using the user level sent by an authentication server to the device after authentication has succeeded
    2. Running the local-user privilege level command to set the local user level

      The local user level is used only when the remote authentication server is faulty. If the remote authentication server responds to authentication requests but does not deliver user levels, the configured local user level does not take effect.
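
The precedence rules above written as a small resolver, useful when auditing which source actually grants an administrator's level. This is an added example, not code from the Huawei documentation; the Login fields, the mode strings and the function names are hypothetical, and the case the page leaves unstated (remote and local authentication both configured, server responds without delivering a level) is returned as unset.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Login:                            # hypothetical model of one administrator login
    mode: str                           # "none", "local", "remote" or "remote+local"
    server_responded: bool = True       # False models a faulty authentication server
    server_level: Optional[int] = None  # level delivered by the authentication server
    scheme_level: Optional[int] = None  # admin-user privilege level (service scheme)
    vty_level: Optional[int] = None     # user privilege (VTY interface view)
    local_level: Optional[int] = None   # local-user privilege level

def first_set(candidates):
    """Return the first (level, source) that is configured, else (None, 'unset')."""
    for level, source in candidates:
        if level is not None:
            if not 0 <= level <= 15:
                raise ValueError(f"{source}: level {level} is outside 0-15")
            return level, source
    return None, "unset"

def effective_level(l: Login) -> Tuple[Optional[int], str]:
    if l.mode == "none":
        return first_set([(l.vty_level, "vty")])
    if l.mode == "local":
        return first_set([(l.local_level, "local-user")])
    if l.mode == "remote":
        if not l.server_responded:      # no fallback configured, so no login
            return None, "auth-failed"
        return first_set([(l.server_level, "server"),
                          (l.scheme_level, "service-scheme"),
                          (l.vty_level, "vty")])
    if l.mode == "remote+local":
        if not l.server_responded:      # server faulty: local authentication is used
            return first_set([(l.local_level, "local-user")])
        # Server answered: the local-user level never applies, even if no level
        # was delivered. The page does not say what applies then, so stay unset.
        return first_set([(l.server_level, "server")])
    raise ValueError(f"unknown mode {l.mode!r}")

def device_side_management(l: Login) -> bool:
    """True when level 3 (management) or above comes from device config, not the server."""
    level, source = effective_level(l)
    return level is not None and level >= 3 and source != "server"
```

A login for which device_side_management returns True is one where the service scheme, VTY or local-user setting, rather than the authentication server, decides that the user gets management-level commands.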

The device can update the configuration in a domain dynamically. After a service scheme is applied to a domain, you can directly modify the user level in the service scheme but cannot unbind the service scheme from the domain. To delete the service scheme, run the undo service-scheme (AAA domain view) command.

Precautions

When configuring an AD/LDAP authenticated user to log in to a device using the web system, you need to run the admin-user privilege level level command in the service scheme applied in the user authentication domain to set the user level to 3 or higher; otherwise, the user cannot log in to the device using the web system.

Follow-up Procedure

Run the display service-scheme command to view the user level in a service scheme.

Example

# Configure a user as an administrator to log in to the device and set the administrator level to 15.

<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] service-scheme svcscheme1
[Huawei-aaa-service-svcscheme1] admin-user privilege level 15
Updated: 2019-11-21

Document ID: EDOC1100064352
